Sorry for the delay, but work always comes first. I did what was described. I'm posting the various logs:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x32 Windows 7 (Ultimate), 6.1.7601.24511, Service Pack: 1
Time: 02.09.2019 - 14:43 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Tasca Pane (group: Administrator) on TASCAPANE-PC, FirstRun: yes
Firefox: 68.0.2.7164
Internet Explorer: 11.0.9600.19431
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files\4dots Software\Free File Unlocker\luminati\net_svc.exe
1 C:\Program Files\4dots Software\Free File Unlocker\net_updater32.exe
1 C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
1 C:\Program Files\Google\Update\1.3.34.11\GoogleCrashHandler.exe
1 C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
1 C:\Program Files\Macrium\Reflect\ReflectService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1 C:\Program Files\Microsoft Security Client\NisSrv.exe
1 C:\Program Files\Microsoft Security Client\msseces.exe
1 C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1 C:\Program Files\SwitchService\svc\hkeyswsvc.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Users\Tasca Pane\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\msconfig.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
13 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
O2 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe
O4 - HKLM\..\Run: [MSC] = C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner.exe /MONITOR (HKCU) (2019/04/22)
O4 - MSConfig\startupreg: SUPERAntiSpyware [command] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (HKCU) (2019/07/05)
O4 - MSConfig\startupreg: Web Companion [command] = C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (HKCU) (2019/08/18) (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi destinazione link a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti destinazione link in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\I&nvia a OneNote: (default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: Shockwave Flash Object [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\0PerformanceMonitor: (no name) - {3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: AK910SwitchService - C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
O23 - Service R2: CodeMeter Runtime Server - (CodeMeter.exe) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: FreemakeVideoCapture - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service R2: Key4SwitchService - C:\Program Files\SwitchService\svc\hkeyswsvc.exe
O23 - Service R2: Luminati Net Updater - (luminati_net_updater_win_freefileunlocker_4dotssoftware_com) - C:/Program Files/4dots Software/Free File Unlocker/net_updater32.exe --updater win_freefileunlocker.4dotssoftware.com
O23 - Service R2: Macrium Reflect Image Mounting Service - (ReflectService.exe) - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service R2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service R2: SQL Server (SQLEXPRESS) - (MSSQL$SQLEXPRESS) - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -sSQLEXPRESS
O23 - Service R2: WC Assistant - (WCAssistantService) - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service R3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S2: LiveUpdate - (LiveUpdateSvc) - (no file)
O23 - Service S2: Namirial WakeUpSD Service - (WakeUpSvc) - C:\Windows\system32\Namirial\WakeUpSDService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Firebird Server - DefaultInstance - (FirebirdServerDefaultInstance) - (no file)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Visual Studio Standard Collector Service - (VSStandardCollectorService140) - C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x86
Ran by Tasca Pane (Administrator) on 02/09/2019 at 14:21:00,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5
Failed to delete: C:\ProgramData\lavasoft\web companion (Folder)
Failed to delete: C:\Program Files\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3K0F7HD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3K0F7HD (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/09/2019 at 14:33:51,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
End of file - Time spent: 58,1 sec. - 20336 bytes, CRC32: FFFFFFFF. Sign: Ⲱ䮖
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/02/2019 02:34:55 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\Namirial\WakeUpSDService.exe (PID: 3224) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 09/02/2019 02:41:12 PM
Execution time: 0 hours(s), 6 minute(s), and 16 seconds(s)
All that's left for me to do is defragment.